
 

A piece of evolutionary malware known as “Accessibility Clickjacking” has been discovered by Skycure, a US-based global mobile threat security company, and revealed to the world at the 25th annual RSA Conference, the world’s biggest cyber-security event, which ended on Friday, the 4th of March.

 

The “Accessibility Clickjacking” malware is a critical and dangerous discovery

 
In its study, the company found that the advanced mobile malware had already impacted more than half a billion Android devices globally. The malware was able to evade detection by scanners, which usually rely on signatures and on static and dynamic analysis approaches, the company pointed out in its report.

 
“Accessibility Clickjacking can allow malicious applications to access all text-based sensitive information on an infected Android device, as well as take automated actions via other apps or the operating system, without the victim’s consent.”

 
Skycure’s video demonstration of accessibility clickjacking uses a free ‘Rick and Morty’-themed game to get users to unknowingly enable certain accessibility features.

 

 

Although a number of functions and capabilities have been built into web browsers and web servers to limit the clickjacking risk, the mobile platform remains vulnerable, and the discovery shows that Android is still susceptible to similar kinds of threats.

 

Users of Android smartphones were advised to be careful when playing games or running applications, as hackers were able to create simple, so-called “benign” games that could automatically trigger “Accessibility Clickjacking” in the background without the device owner’s knowledge.

 

The malware could allow malicious apps to get hold of all text-based sensitive information on the affected Android devices and to take automated actions via other apps or even the operating system. That information includes emails, text messages, data from messaging apps, and data from important business applications such as CRM software, marketing automation software and more. This makes Android users vulnerable to the games and applications they download.

 

Once inside the victim’s device, the hackers could, therefore, change passwords. However, the security company did mention that the malware was only active on older versions of the Android operating system, which account for 65 percent of these devices, and said that users of the latest versions, Lollipop and Marshmallow, had no reason to worry. Anything from Android 2.2 Froyo to Android 4.4 KitKat was most likely to be affected by clickjacking, Skycure noted.
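A defender's check that follows from the article's two specifics, an accessibility service enabled without the user realising it and the Android 2.2 to 4.4 version range, as an added example that is not from Skycure or the original article. It assumes both values were collected per device beforehand (for instance with `adb shell getprop ro.build.version.sdk` and, where the `settings` command exists, `adb shell settings get secure enabled_accessibility_services`); the allowlist, the device names and the `com.example.freegame` package are constructed.

```python
"""Flag unexpected accessibility services, prioritising builds in the affected range."""
from dataclasses import dataclass

# Android 2.2 Froyo is API level 8, Android 4.4 KitKat is API level 19.
AFFECTED_API_MIN, AFFECTED_API_MAX = 8, 19

# Assumption: packages this organisation expects to hold accessibility access.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}

@dataclass
class Finding:
    device: str
    api_level: int
    in_affected_range: bool
    unexpected: list

def parse_services(raw):
    """Split the colon-separated 'package/class' setting into (package, class) pairs."""
    raw = (raw or "").strip()
    if raw in ("", "null"):          # 'null' is what an unset key reads back as
        return []
    pairs = []
    for item in raw.split(":"):
        pkg, _, cls = item.strip().partition("/")
        if pkg:
            pairs.append((pkg, cls))
    return pairs

def audit(device, sdk, raw_services, allowed=ALLOWED_PACKAGES):
    """Return the services on one device that are not on the allowlist."""
    api = int(sdk.strip())
    unexpected = [f"{p}/{c}" for p, c in parse_services(raw_services) if p not in allowed]
    return Finding(device, api, AFFECTED_API_MIN <= api <= AFFECTED_API_MAX, unexpected)

def priority(finding):
    """'high' when an unexpected service sits on an affected build, else 'review' or 'ok'."""
    if not finding.unexpected:
        return "ok"
    return "high" if finding.in_affected_range else "review"

# Constructed inventory: (device id, SDK level, enabled accessibility services)
SAMPLE = [
    ("tablet-01", "19", "com.google.android.marvin.talkback/.TalkBackService:com.example.freegame/.HelperService"),
    ("phone-02", "23", "com.example.freegame/.HelperService"),
    ("phone-03", "16", "null"),
]

if __name__ == "__main__":
    for dev, sdk, raw in SAMPLE:
        f = audit(dev, sdk, raw)
        print(dev, priority(f), f.unexpected)
```
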
